Pegasus CMS 1.0 extra_fields.php 远程代码执行漏洞

该 RCE 漏洞的影响极其严重，攻击者可以完全控制受影响的 Pegasus CMS 服务器。攻击者可以利用此漏洞上传恶意文件、修改数据库内容、窃取敏感数据，甚至利用服务器作为跳板攻击内部网络。由于该漏洞无需身份验证，攻击者可以轻易地利用它。与某些其他 CMS 漏洞类似，此漏洞可能导致服务器被完全控制，并被用于发起进一步的网络攻击。

Organizations running Pegasus CMS version 1.0.0–1.0, especially those with publicly accessible instances, are at significant risk. Shared hosting environments are particularly vulnerable, as a compromised CMS installation can potentially impact other websites hosted on the same server. Systems with weak firewall configurations or lacking intrusion detection systems are also at increased risk.

• php: Examine web server access logs for POST requests to submit.php with unusual or suspicious data in the action parameter. Look for patterns indicative of PHP code injection.

grep 'action=[a-zA-Z0-9;+\/\*\(\)"' /var/log/apache2/access.log

• php: Search the extra_fields.php file for instances of the eval() function and assess if input validation is performed before its usage.

grep 'eval(' extra_fields.php

• generic web: Monitor network traffic for POST requests to submit.php originating from unusual IP addresses or exhibiting suspicious user agent strings. • generic web: Check for newly created files or modified files within the Pegasus CMS installation directory, particularly those with PHP extensions, which could indicate successful code execution.

1. 2026-04-05Disclosure

   disclosure

1. 已保留2026-04-05
2. 发布日期2026-04-05
3. 修改日期2026-04-06
4. EPSS 更新日期2026-04-13

由于该漏洞的根本原因是代码中的不安全函数使用，因此最佳的缓解措施是升级到已修复的版本。如果无法立即升级，可以考虑以下临时缓解措施：首先，禁用或移除 extra_fields.php 插件。其次，配置 Web 应用防火墙 (WAF) 以阻止包含恶意 PHP 代码的 POST 请求。第三，审查服务器的访问日志，查找可疑的 POST 请求。最后，确保服务器上的 PHP 版本是最新的，并应用所有安全补丁。